1 .\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
3 .\" Permission to use, copy, modify, and distribute this software for any
4 .\" purpose with or without fee is hereby granted, provided that the above
5 .\" copyright notice and this permission notice appear in all copies.
7 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9 .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
10 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
11 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
12 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
13 .\" PERFORMANCE OF THIS SOFTWARE.
15 .\" $Id: named.conf.5,v 1.1.2.23 2007/01/30 00:23:44 marka Exp $
19 .\" Title: \fInamed.conf\fR
21 .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
22 .\" Date: Aug 13, 2004
26 .TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9"
27 .\" disable hyphenation
29 .\" disable justification (adjust text to left margin only)
32 named.conf \- configuration file for named
39 is the configuration file for
40 \fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
44 C++ style: // to end of line
46 Unix style: # to end of line
51 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
58 key \fIdomain_name\fR {
59 algorithm \fIstring\fR;
68 masters \fIstring\fR [ port \fIinteger\fR ] {
69 ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
70 \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
78 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
81 edns\-udp\-size \fIinteger\fR;
82 max\-udp\-size \fIinteger\fR;
83 provide\-ixfr \fIboolean\fR;
84 request\-ixfr \fIboolean\fR;
85 keys \fIserver_key\fR;
86 transfers \fIinteger\fR;
87 transfer\-format ( many\-answers | one\-answer );
88 transfer\-source ( \fIipv4_address\fR | * )
89 [ port ( \fIinteger\fR | * ) ];
90 transfer\-source\-v6 ( \fIipv6_address\fR | * )
91 [ port ( \fIinteger\fR | * ) ];
92 support\-ixfr \fIboolean\fR; // obsolete
101 \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
110 inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
111 [ port ( \fIinteger\fR | * ) ]
112 allow { \fIaddress_match_element\fR; ... }
113 [ keys { \fIstring\fR; ... } ];
114 unix \fIunsupported\fR; // not implemented
123 channel \fIstring\fR {
125 syslog \fIoptional_facility\fR;
128 severity \fIlog_severity\fR;
129 print\-time \fIboolean\fR;
130 print\-severity \fIboolean\fR;
131 print\-category \fIboolean\fR;
133 category \fIstring\fR { \fIstring\fR; ... };
142 listen\-on [ port \fIinteger\fR ] {
143 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
145 view \fIstring\fR \fIoptional_class\fR;
146 search { \fIstring\fR; ... };
156 avoid\-v4\-udp\-ports { \fIport\fR; ... };
157 avoid\-v6\-udp\-ports { \fIport\fR; ... };
158 blackhole { \fIaddress_match_element\fR; ... };
161 directory \fIquoted_string\fR;
162 dump\-file \fIquoted_string\fR;
164 heartbeat\-interval \fIinteger\fR;
165 host\-statistics \fIboolean\fR; // not implemented
166 host\-statistics\-max \fInumber\fR; // not implemented
167 hostname ( \fIquoted_string\fR | none );
168 interface\-interval \fIinteger\fR;
169 listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
170 listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
171 match\-mapped\-addresses \fIboolean\fR;
172 memstatistics\-file \fIquoted_string\fR;
173 pid\-file ( \fIquoted_string\fR | none );
175 querylog \fIboolean\fR;
176 recursing\-file \fIquoted_string\fR;
177 random\-device \fIquoted_string\fR;
178 recursive\-clients \fIinteger\fR;
179 serial\-query\-rate \fIinteger\fR;
180 server\-id ( \fIquoted_string\fR | none |;
181 stacksize \fIsize\fR;
182 statistics\-file \fIquoted_string\fR;
183 statistics\-interval \fIinteger\fR; // not yet implemented
184 tcp\-clients \fIinteger\fR;
185 tcp\-listen\-queue \fIinteger\fR;
186 tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
187 tkey\-gssapi\-credential \fIquoted_string\fR;
188 tkey\-domain \fIquoted_string\fR;
189 transfers\-per\-ns \fIinteger\fR;
190 transfers\-in \fIinteger\fR;
191 transfers\-out \fIinteger\fR;
192 use\-ixfr \fIboolean\fR;
193 version ( \fIquoted_string\fR | none );
194 allow\-recursion { \fIaddress_match_element\fR; ... };
195 sortlist { \fIaddress_match_element\fR; ... };
196 topology { \fIaddress_match_element\fR; ... }; // not implemented
197 auth\-nxdomain \fIboolean\fR; // default changed
198 minimal\-responses \fIboolean\fR;
199 recursion \fIboolean\fR;
201 [ class \fIstring\fR ] [ type \fIstring\fR ]
202 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
204 provide\-ixfr \fIboolean\fR;
205 request\-ixfr \fIboolean\fR;
206 rfc2308\-type1 \fIboolean\fR; // not yet implemented
207 additional\-from\-auth \fIboolean\fR;
208 additional\-from\-cache \fIboolean\fR;
209 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
210 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
211 cleaning\-interval \fIinteger\fR;
212 min\-roots \fIinteger\fR; // not implemented
213 lame\-ttl \fIinteger\fR;
214 max\-ncache\-ttl \fIinteger\fR;
215 max\-cache\-ttl \fIinteger\fR;
216 transfer\-format ( many\-answers | one\-answer );
217 max\-cache\-size \fIsize_no_default\fR;
218 max\-acache\-size \fIsize_no_default\fR;
219 clients\-per\-query \fInumber\fR;
220 max\-clients\-per\-query \fInumber\fR;
221 check\-names ( master | slave | response )
222 ( fail | warn | ignore );
223 check\-mx ( fail | warn | ignore );
224 check\-integrity \fIboolean\fR;
225 check\-mx\-cname ( fail | warn | ignore );
226 check\-srv\-cname ( fail | warn | ignore );
227 cache\-file \fIquoted_string\fR; // test option
228 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
229 preferred\-glue \fIstring\fR;
230 dual\-stack\-servers [ port \fIinteger\fR ] {
231 ( \fIquoted_string\fR [port \fIinteger\fR] |
232 \fIipv4_address\fR [port \fIinteger\fR] |
233 \fIipv6_address\fR [port \fIinteger\fR] ); ...
235 edns\-udp\-size \fIinteger\fR;
236 max\-udp\-size \fIinteger\fR;
237 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
238 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
239 dnssec\-enable \fIboolean\fR;
240 dnssec\-validation \fIboolean\fR;
241 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
242 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
243 dnssec\-accept\-expired \fIboolean\fR;
244 empty\-server \fIstring\fR;
245 empty\-contact \fIstring\fR;
246 empty\-zones\-enable \fIboolean\fR;
247 disable\-empty\-zone \fIstring\fR;
248 dialup \fIdialuptype\fR;
249 ixfr\-from\-differences \fIixfrdiff\fR;
250 allow\-query { \fIaddress_match_element\fR; ... };
251 allow\-query\-cache { \fIaddress_match_element\fR; ... };
252 allow\-transfer { \fIaddress_match_element\fR; ... };
253 allow\-update { \fIaddress_match_element\fR; ... };
254 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
255 update\-check\-ksk \fIboolean\fR;
256 notify \fInotifytype\fR;
257 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
258 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
259 notify\-delay \fIseconds\fR;
260 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
261 [ port \fIinteger\fR ]; ... };
262 allow\-notify { \fIaddress_match_element\fR; ... };
263 forward ( first | only );
264 forwarders [ port \fIinteger\fR ] {
265 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
267 max\-journal\-size \fIsize_no_default\fR;
268 max\-transfer\-time\-in \fIinteger\fR;
269 max\-transfer\-time\-out \fIinteger\fR;
270 max\-transfer\-idle\-in \fIinteger\fR;
271 max\-transfer\-idle\-out \fIinteger\fR;
272 max\-retry\-time \fIinteger\fR;
273 min\-retry\-time \fIinteger\fR;
274 max\-refresh\-time \fIinteger\fR;
275 min\-refresh\-time \fIinteger\fR;
276 multi\-master \fIboolean\fR;
277 sig\-validity\-interval \fIinteger\fR;
278 transfer\-source ( \fIipv4_address\fR | * )
279 [ port ( \fIinteger\fR | * ) ];
280 transfer\-source\-v6 ( \fIipv6_address\fR | * )
281 [ port ( \fIinteger\fR | * ) ];
282 alt\-transfer\-source ( \fIipv4_address\fR | * )
283 [ port ( \fIinteger\fR | * ) ];
284 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
285 [ port ( \fIinteger\fR | * ) ];
286 use\-alt\-transfer\-source \fIboolean\fR;
287 zone\-statistics \fIboolean\fR;
288 key\-directory \fIquoted_string\fR;
289 zero\-no\-soa\-ttl \fIboolean\fR;
290 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
291 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
292 deallocate\-on\-exit \fIboolean\fR; // obsolete
293 fake\-iquery \fIboolean\fR; // obsolete
294 fetch\-glue \fIboolean\fR; // obsolete
295 has\-old\-clients \fIboolean\fR; // obsolete
296 maintain\-ixfr\-base \fIboolean\fR; // obsolete
297 max\-ixfr\-log\-size \fIsize\fR; // obsolete
298 multiple\-cnames \fIboolean\fR; // obsolete
299 named\-xfer \fIquoted_string\fR; // obsolete
300 serial\-queries \fIinteger\fR; // obsolete
301 treat\-cr\-as\-space \fIboolean\fR; // obsolete
302 use\-id\-pool \fIboolean\fR; // obsolete
310 view \fIstring\fR \fIoptional_class\fR {
311 match\-clients { \fIaddress_match_element\fR; ... };
312 match\-destinations { \fIaddress_match_element\fR; ... };
313 match\-recursive\-only \fIboolean\fR;
315 algorithm \fIstring\fR;
318 zone \fIstring\fR \fIoptional_class\fR {
321 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
325 \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
327 allow\-recursion { \fIaddress_match_element\fR; ... };
328 sortlist { \fIaddress_match_element\fR; ... };
329 topology { \fIaddress_match_element\fR; ... }; // not implemented
330 auth\-nxdomain \fIboolean\fR; // default changed
331 minimal\-responses \fIboolean\fR;
332 recursion \fIboolean\fR;
334 [ class \fIstring\fR ] [ type \fIstring\fR ]
335 [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
337 provide\-ixfr \fIboolean\fR;
338 request\-ixfr \fIboolean\fR;
339 rfc2308\-type1 \fIboolean\fR; // not yet implemented
340 additional\-from\-auth \fIboolean\fR;
341 additional\-from\-cache \fIboolean\fR;
342 query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
343 query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
344 cleaning\-interval \fIinteger\fR;
345 min\-roots \fIinteger\fR; // not implemented
346 lame\-ttl \fIinteger\fR;
347 max\-ncache\-ttl \fIinteger\fR;
348 max\-cache\-ttl \fIinteger\fR;
349 transfer\-format ( many\-answers | one\-answer );
350 max\-cache\-size \fIsize_no_default\fR;
351 max\-acache\-size \fIsize_no_default\fR;
352 clients\-per\-query \fInumber\fR;
353 max\-clients\-per\-query \fInumber\fR;
354 check\-names ( master | slave | response )
355 ( fail | warn | ignore );
356 check\-mx ( fail | warn | ignore );
357 check\-integrity \fIboolean\fR;
358 check\-mx\-cname ( fail | warn | ignore );
359 check\-srv\-cname ( fail | warn | ignore );
360 cache\-file \fIquoted_string\fR; // test option
361 suppress\-initial\-notify \fIboolean\fR; // not yet implemented
362 preferred\-glue \fIstring\fR;
363 dual\-stack\-servers [ port \fIinteger\fR ] {
364 ( \fIquoted_string\fR [port \fIinteger\fR] |
365 \fIipv4_address\fR [port \fIinteger\fR] |
366 \fIipv6_address\fR [port \fIinteger\fR] ); ...
368 edns\-udp\-size \fIinteger\fR;
369 max\-udp\-size \fIinteger\fR;
370 root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
371 disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
372 dnssec\-enable \fIboolean\fR;
373 dnssec\-validation \fIboolean\fR;
374 dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
375 dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
376 dnssec\-accept\-expired \fIboolean\fR;
377 empty\-server \fIstring\fR;
378 empty\-contact \fIstring\fR;
379 empty\-zones\-enable \fIboolean\fR;
380 disable\-empty\-zone \fIstring\fR;
381 dialup \fIdialuptype\fR;
382 ixfr\-from\-differences \fIixfrdiff\fR;
383 allow\-query { \fIaddress_match_element\fR; ... };
384 allow\-query\-cache { \fIaddress_match_element\fR; ... };
385 allow\-transfer { \fIaddress_match_element\fR; ... };
386 allow\-update { \fIaddress_match_element\fR; ... };
387 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
388 update\-check\-ksk \fIboolean\fR;
389 notify \fInotifytype\fR;
390 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
391 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
392 notify\-delay \fIseconds\fR;
393 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
394 [ port \fIinteger\fR ]; ... };
395 allow\-notify { \fIaddress_match_element\fR; ... };
396 forward ( first | only );
397 forwarders [ port \fIinteger\fR ] {
398 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
400 max\-journal\-size \fIsize_no_default\fR;
401 max\-transfer\-time\-in \fIinteger\fR;
402 max\-transfer\-time\-out \fIinteger\fR;
403 max\-transfer\-idle\-in \fIinteger\fR;
404 max\-transfer\-idle\-out \fIinteger\fR;
405 max\-retry\-time \fIinteger\fR;
406 min\-retry\-time \fIinteger\fR;
407 max\-refresh\-time \fIinteger\fR;
408 min\-refresh\-time \fIinteger\fR;
409 multi\-master \fIboolean\fR;
410 sig\-validity\-interval \fIinteger\fR;
411 transfer\-source ( \fIipv4_address\fR | * )
412 [ port ( \fIinteger\fR | * ) ];
413 transfer\-source\-v6 ( \fIipv6_address\fR | * )
414 [ port ( \fIinteger\fR | * ) ];
415 alt\-transfer\-source ( \fIipv4_address\fR | * )
416 [ port ( \fIinteger\fR | * ) ];
417 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
418 [ port ( \fIinteger\fR | * ) ];
419 use\-alt\-transfer\-source \fIboolean\fR;
420 zone\-statistics \fIboolean\fR;
421 key\-directory \fIquoted_string\fR;
422 zero\-no\-soa\-ttl \fIboolean\fR;
423 zero\-no\-soa\-ttl\-cache \fIboolean\fR;
424 allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
425 fetch\-glue \fIboolean\fR; // obsolete
426 maintain\-ixfr\-base \fIboolean\fR; // obsolete
427 max\-ixfr\-log\-size \fIsize\fR; // obsolete
435 zone \fIstring\fR \fIoptional_class\fR {
436 type ( master | slave | stub | hint |
437 forward | delegation\-only );
438 file \fIquoted_string\fR;
439 masters [ port \fIinteger\fR ] {
441 \fIipv4_address\fR [port \fIinteger\fR] |
442 \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
444 database \fIstring\fR;
445 delegation\-only \fIboolean\fR;
446 check\-names ( fail | warn | ignore );
447 check\-mx ( fail | warn | ignore );
448 check\-integrity \fIboolean\fR;
449 check\-mx\-cname ( fail | warn | ignore );
450 check\-srv\-cname ( fail | warn | ignore );
451 dialup \fIdialuptype\fR;
452 ixfr\-from\-differences \fIboolean\fR;
453 journal \fIquoted_string\fR;
454 zero\-no\-soa\-ttl \fIboolean\fR;
455 allow\-query { \fIaddress_match_element\fR; ... };
456 allow\-transfer { \fIaddress_match_element\fR; ... };
457 allow\-update { \fIaddress_match_element\fR; ... };
458 allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
460 ( grant | deny ) \fIstring\fR
461 ( name | subdomain | wildcard | self ) \fIstring\fR
462 \fIrrtypelist\fR; ...
464 update\-check\-ksk \fIboolean\fR;
465 notify \fInotifytype\fR;
466 notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
467 notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
468 notify\-delay \fIseconds\fR;
469 also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
470 [ port \fIinteger\fR ]; ... };
471 allow\-notify { \fIaddress_match_element\fR; ... };
472 forward ( first | only );
473 forwarders [ port \fIinteger\fR ] {
474 ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
476 max\-journal\-size \fIsize_no_default\fR;
477 max\-transfer\-time\-in \fIinteger\fR;
478 max\-transfer\-time\-out \fIinteger\fR;
479 max\-transfer\-idle\-in \fIinteger\fR;
480 max\-transfer\-idle\-out \fIinteger\fR;
481 max\-retry\-time \fIinteger\fR;
482 min\-retry\-time \fIinteger\fR;
483 max\-refresh\-time \fIinteger\fR;
484 min\-refresh\-time \fIinteger\fR;
485 multi\-master \fIboolean\fR;
486 sig\-validity\-interval \fIinteger\fR;
487 transfer\-source ( \fIipv4_address\fR | * )
488 [ port ( \fIinteger\fR | * ) ];
489 transfer\-source\-v6 ( \fIipv6_address\fR | * )
490 [ port ( \fIinteger\fR | * ) ];
491 alt\-transfer\-source ( \fIipv4_address\fR | * )
492 [ port ( \fIinteger\fR | * ) ];
493 alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
494 [ port ( \fIinteger\fR | * ) ];
495 use\-alt\-transfer\-source \fIboolean\fR;
496 zone\-statistics \fIboolean\fR;
497 key\-directory \fIquoted_string\fR;
498 ixfr\-base \fIquoted_string\fR; // obsolete
499 ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
500 maintain\-ixfr\-base \fIboolean\fR; // obsolete
501 max\-ixfr\-log\-size \fIsize\fR; // obsolete
502 pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
508 \fI/etc/named.conf\fR
513 \fBBIND 9 Administrator Reference Manual\fR().
515 Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")